[Security Solution] Error 500 Importing Security Detection Rule #210442

Open
MakoWish opened this issue Feb 10, 2025 · 3 comments
Labels: bug, Team:Detection Rule Management, Team: SecuritySolution, triage_needed

MakoWish commented Feb 10, 2025

Describe the bug:

When attempting to import a Security Detection rule that was previously exported, the following error message appears:

{
  "name": "Error",
  "body": {
    "message": "Cannot use 'in' operator to search for 'investigation_fields' in Honeypot",
    "status_code": 500
  },
  "message": "Internal Server Error",
  "stack": "Error: Internal Server Error\n    at fetch_Fetch.fetchResponse (https://elastic/86cbc85e621f/bundles/core/core.entry.js:16:232029)\n    at async https://elastic/86cbc85e621f/bundles/core/core.entry.js:16:230021\n    at async https://elastic/86cbc85e621f/bundles/core/core.entry.js:16:229978"
}

Kibana/Elasticsearch Stack version:

8.17.0

Server OS version:

Ubuntu 24.04 LTS

Browser and Browser OS versions:

Firefox 135.0 (64-bit)
Kubuntu 24.04 LTS

Elastic Endpoint version:

Original install method (e.g. download page, yum, from source, etc.):

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Steps to reproduce:

  1. Navigate to 'Detection rules (SIEM)' and attempt to import a single rule that has previously been exported

Current behavior:

Error 500 noted above.

Expected behavior:

Rule should import.

Screenshots (if relevant):

Image

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context (logs, chat logs, magical formulas, etc.):

@MakoWish added the bug, Team: SecuritySolution and triage_needed labels Feb 10, 2025
@elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)

@MakoWish changed the title from "[Security Solution]" to "[Security Solution] Error 500 Importing Security Detection Rule" Feb 10, 2025
@MadameSheema added the Team:Detection Rule Management and Team:Detection Engine labels Feb 10, 2025
@elasticmachine

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@elasticmachine

Pinging @elastic/security-detection-engine (Team:Detection Engine)

@yctercero assigned banderror and unassigned yctercero Feb 10, 2025
@yctercero removed the Team:Detection Engine label Feb 10, 2025
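
The message quoted in the report is the TypeError JavaScript raises when the `in` operator is applied to a string rather than an object. The following is an added example, not Kibana code and not from the issue author; the function names, the one-JSON-document-per-line layout and the sample records are assumptions. It reproduces that failure class and shows a type guard that turns it into a per-record validation error instead of an unhandled exception:

```javascript
// Constructed names and records; not Kibana source.
// Unguarded property probe: `in` requires an object on its right-hand side
// and throws a TypeError for a string, number or boolean.
function hasInvestigationFieldsUnsafe(rule) {
  return 'investigation_fields' in rule;
}

// Capture what the unguarded probe throws. On V8 (Node.js, Chrome) the message
// for the string 'Honeypot' is the text quoted in the report.
function probeError(value) {
  try {
    hasInvestigationFieldsUnsafe(value);
    return null;
  } catch (e) {
    return { name: e.name, message: e.message };
  }
}

// Guarded probe: a non-object record becomes a validation result, not an exception.
function checkRuleRecord(value) {
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    return { ok: false, error: `expected a rule object, got ${JSON.stringify(value)}` };
  }
  return { ok: true, hasInvestigationFields: 'investigation_fields' in value };
}

// Validate an import payload, assumed here to hold one JSON document per line.
function validateImport(text) {
  const results = [];
  text.split('\n').forEach((line, i) => {
    if (line.trim() === '') return;
    let value;
    try {
      value = JSON.parse(line);
    } catch (e) {
      results.push({ line: i + 1, ok: false, error: 'invalid JSON' });
      return;
    }
    results.push({ line: i + 1, ...checkRuleRecord(value) });
  });
  return results;
}

// Constructed sample: a rule object, a bare string, and a truncated line.
const SAMPLE_IMPORT = [
  '{"name":"Honeypot","investigation_fields":{"field_names":["host.name"]}}',
  '"Honeypot"',
  '{"name":"Honeypot"',
].join('\n');
```

Running `validateImport` over an exported file before importing it shows which line, if any, is not a rule object.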